Summary: | <net-misc/rsync-3.2.0: Multiple vulnerabilities (CVE-2016-{9840,9841,9842,9843}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, herrtimson |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://rsync.samba.org/ftp/rsync/rsync-3.2.0-NEWS | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=728882 | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: |
net-misc/rsync-3.2.0-r1
|
Runtime testing required: | --- |
Bug Depends on: | 728868, 728898, 729582 | ||
Bug Blocks: | 728850 |
Description
Sam James
2020-06-19 23:20:22 UTC
[Note that USE=system-zlib is not vulnerable to this, because of the fixes in bug 601828]. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f8b0a10cde068cb69c2714a61b5f8d00e96ea99 commit 9f8b0a10cde068cb69c2714a61b5f8d00e96ea99 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-06-20 01:20:59 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-06-20 01:28:09 +0000 net-misc/rsync: Bump to version 3.2.0. Removed old Bug: https://bugs.gentoo.org/728852 Package-Manager: Portage-2.3.101, Repoman-2.3.22 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> net-misc/rsync/Manifest | 2 +- net-misc/rsync/files/rsync-3.2.0-simd_check.patch | 24 ++++++++++++++++++++++ .../rsync/files/rsync-3.2.0_pre3-simd_check.patch | 24 ---------------------- ...{rsync-3.2.0_pre3.ebuild => rsync-3.2.0.ebuild} | 4 ++-- 4 files changed, 27 insertions(+), 27 deletions(-) Unable to check for sanity:
> no match for package: net-misc/rsync-3.2.0
x86 stable arm64 stable arm stable ppc stable ppc64 stable s390 stable hppa/sparc stable amd64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5eb79a6c9300e9385ffb6eac6fff0ef041bef693 commit 5eb79a6c9300e9385ffb6eac6fff0ef041bef693 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-06-25 08:22:20 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-06-25 08:34:41 +0000 net-misc/rsync: Security cleanup Bug: https://bugs.gentoo.org/728852 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> net-misc/rsync/Manifest | 1 - net-misc/rsync/rsync-3.1.3.ebuild | 91 --------------------------------------- 2 files changed, 92 deletions(-) commit 98406e6c893975bb61cddd26dfbb083bc03c6cb4 Author: Lars Wendler <polynomial-c@gentoo.org> Date: Thu Jun 25 11:19:46 2020 Revert "net-misc/rsync: Security cleanup" This reverts commit 5eb79a6c9300e9385ffb6eac6fff0ef041bef693. because >=rsync-3.2.0 has no riscv keyword yet Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> Cleanup done. This issue was resolved and addressed in GLSA 202007-54 at https://security.gentoo.org/glsa/202007-54 by GLSA coordinator Sam James (sam_c). |